sqwebmail.txt

sqwebmail.txt: Posted Jun 16, 2005; Site hackerscenter.com; Sqwebmail is susceptible to a cross site scripting vulnerability.; tags | advisory, xss; SHA-256 | bbcd1dab317514856e9a775df797f71fdb7a6ea060f85d684815cc2326b35fb7; Download | Favorite | View

sqwebmail.txt



Hackers Center Security Group (http://www.hackerscenter.com/)        
Zinho's Security Advisory         

Desc: Http Splitting leads to email account stealing 
Product: SQWebmail 
Risk: High 


A dangerous http splitting attack can be taken against mailboxes that  use Sqwebmail as web mail interface. Anyone can send a malformed  link in the email body and stealing session cookie and passwords. 



Proof of concept:  
///  
sqwebmail?redirect=%0d%0a%0d%0a[INJECT SCRIPT] 

///  

Vendor should patch this issue soon as anyone can attack a user  directly. 



Author:         
Zinho is webmaster and founder of http://www.hackerscenter.com ,      
Security research   portal       
Secure Web Hosting Companies Reviewed:      
http://www.securityforge.com/web-hosting/secure-web-hosting.asp      

zinho-no-spam @ hackerscenter.com

Top Authors In Last 30 Days

Red Hat 306 files
indoushka 132 files
Ubuntu 94 files
Gentoo 32 files
Debian 24 files
LiquidWorm 18 files
malvuln 8 files
Google Security Research 8 files
verylazytech 3 files
Seth Jenkins 3 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,144)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,627)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,101)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,931)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

sqwebmail.txt

sqwebmail.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

sqwebmail.txt

Share This

sqwebmail.txt

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems